Will 2012 REALLY be the year of the cyberwar?

What defines an act of cyberwar? Is it a sophisticated hack from China or Russia that shuts down the U.S. power grid? Is it a rogue group like Anonymous breaking into government sites? Is it all the spying China has been doing for several years now? And what about Stuxnet and Duqu? Were those creations an act of war by the U.S. and Israel against Iran? Does a cyberwar involve government and military sites only or does it include the networks of private enterprise as well?

The debate will continue to limp along in 2012. Don't expect a clearer definition, because you probably won't get one. Still, on a much smaller, targeted scale, we have plenty of evidence that online battlefields between nations aren't beyond reality. Instead of waiting for the perfect metrics and verbiage, we may as well accept that the tools and know-how exist for cyberwar and plan our defenses accordingly.

Spy vs. spy

Clearly, governments have been using hackers to spy on other countries via weaknesses in computing infrastructure for years now. Back in 2009, colleague Grant Gross wrote about cyberspies from China, Russia and elsewhere gaining access to the U.S. electrical grid and installing malware tools designed to terminate service. One could interpret those actions as an act of war, though it's difficult to know for certain what the motives are.

Just a couple weeks ago, colleague Jeremy Kirk wrote about a report in which the Office of the National Counterintelligence Executive warned of more aggressive spying in the coming months. Specifically, he wrote, the U.S. can expect more aggressive efforts from countries such as Russia and China to collect information through cyberespionage in areas such as pharmaceuticals, defense and manufacturing.

"Chinese actors are the world's most active and persistent perpetrators of economic espionage," the report said. "Russia's intelligence services are conducting a range of activities to collect economic information and technology from U.S. targets."

"The biggest challenge we face isn't that we're not ready for a Stuxnet. The biggest problem we face is that we're not really ready for anything. If you were to do a pen test -- and there's plenty of research out there to support this -- most utility companies are extremely vulnerable," says Eric Knapp, director of critical infrastructure markets at NitroSecurity.

What to do?

Fortunately, there are already steps we can take to harden our defenses. David Marcus, director of security research at McAfee, wrote about the incidents in his blog, saying it's no more difficult to attack a SCADA network or system than it is to attack any other system. It's always just a matter of time, he writes, adding:

"Certainly we may see more SCADA-based or SCADA-focused attacks in the future. Attackers tend to target systems that can be successfully compromised, and recent history has shown that these systems are at least as vulnerable as other types of networked systems." But that isn't really the point, he said. "In my mind, the second question often morphs into 'How do we know they are not already compromised and actively under attack now?'"

Assuming we are, he suggested a few things individual SCADA admins can do:

Include "cyber" in all risk management

Set up extensive penetration testing

Set up extensive counter-social engineering training

Put a SCADA-specific CERT plan and team in place

Network with law enforcement at all levels

Expect to get attacked and take appropriate countermeasures

Though this advice was offered to SCADA admins, it applies equally to the wider challenges of protecting network infrastructure.

Know what you're talking about

The greatest challenge, perhaps, is getting our definition of cyberwar straight. I'm one of the first to admit that I don't have my own act together on this yet. But as I work on that, I have plenty of good resources to draw from. One is a column Brian Krebs wrote for us around this time last year called "The cyberwar will not be streamed."

In it, he warned against the careless use of cyberwar terminology in the wake of Wikileaks. He wrote:

I hope the media will exercise a bit more restraint in tossing around volatile terms like cyberwar, particularly to describe the antics of a group that has a well-earned reputation for attention-grabbing stunts and lampooning just about everything. At best, such flattery may only encourage copycat attacks; at worst, it trivializes the far more serious issues raised by the Wikileaks scandal.

One thing is certain about the coming year. Whether or not we can see things that are easily defined as cyberwarfare, things will no doubt be getting more interesting. Hopefully, we're better prepared than this time last year.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.